Anthos clusters on Bare Metal 1.12 版在 Kubernetes 1.22 上运行。Kubernetes 1.22 已弃用某些 API,您可以在 Kubernetes 1.22 已弃用的 API 中找到这些已弃用的 API 列表。
在 Anthos clusters on Bare Metal 1.12 版中,所有集群都已启用集群审核日志记录功能,且审核日志将流式传输到 Google Cloud 的运维套件。如需确定您使用的 Kubernetes 服务帐号 (SA) 是否调用了任何已弃用的 API,请转到日志浏览器并运行以下查询。此查询的输出会显示您的任何 Kubernetes 服务账号是否进行了已弃用的 API 调用:
resource.labels.cluster_name = "<cluster_name>" AND
logName = "projects/<project>/logs/externalaudit.googleapis.com%2Factivity" AND
(protoPayload.methodName:"io.k8s.apiextensions.v1beta1.CustomResourceDefinition" OR
protoPayload.methodName:"io.k8s.admissionregistration.v1beta1.MutatingWebhookConfiguration" OR
protoPayload.methodName:"io.k8s.admissionregistration.v1beta1.ValidatingWebhookConfiguration" OR
protoPayload.methodName:"io.k8s.apiregistration.v1beta1.APIService" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.TokenReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.LocalSubjectAccessReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.SelfSubjectAccessReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.SubjectAccessReview" OR
protoPayload.methodName:"io.k8s.certificates.v1beta1.CertificateSigningRequest" OR
protoPayload.methodName:"io.k8s.coordination.v1beta1.Lease" OR
protoPayload.methodName:"io.k8s.networking.v1beta1.Ingress" OR
protoPayload.methodName:"io.k8s.networking.v1beta1.IngressClass" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.ClusterRole" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.ClusterRoleBinding" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.Role" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.RoleBinding" OR
protoPayload.methodName:"io.k8s.scheduling.v1beta1.PriorityClass" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.CSIDriver" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.CSINode" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.StorageClass" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.VolumeAttachment"
)